A database belonging to the BART Police Officers Association appears to have been hacked, and the names, postal and email addresses of officers posted online.
Just over 100 officers are listed in the document, in what is clearly a serious security breach.
The reason why BART is the focus for so much attention by hackers? Last week, in a highly controversial move, several BART stations in San Francisco halted their cellphone service for a few hours. It was believed that people protesting about the fatal shooting of a homeless man by BART police, might be co-ordinating their protest via mobile phone.
Of course, what’s happened now is that over 100 innocent police officers have had their safety put at risk by hackers revealing their private information.
Earlier this week the Anonymous were blamed for hacking the myBART.org website – belonging to San Francisco’s BART (Bay Area Rapid Transit) system, and there has been speculation online that hackers affiliated with Anonymous may also be responsible for this latest attack.
But it seems even “official” Anonymous mouthpieces for the movement, aren’t sure as to whether it’s Anonymous’s work or not.
I guess one of the problems of being a decentralised hacktivist group, with no leadership structure and no way of identifying members, is that anyone can claim to have done something under the Anonymous banner and no-one can credibly argue that it wasn’t an Anonymous action.
After all, if it’s truly anonymous how is anyone to know what they have done and what they haven’t done?
Many Anonymous supporters may see this as an advantage. Me? I’m not so sure.
One thing is for certain – the BART Police Officers Association has been caught with its pants down. Its website is currently offline (replaced with a holding page) and it seems likely that a vulnerability on their site will have let the hackers access the police officer’s database.
Clearly the information had not been properly secured. In the current climate of high profile hacks that’s not excusable. Other forces would be wise to look at their own sites and make sure that they are not similarly vulnerable to attack.Follow @gcluley